Enable TLS for Redis (#546)
Signed-off-by: Emon331046 <emon@appscode.com>
Emon46 committed Jul 25, 2020
1 parent 68e0084 commit 2855227
Showing 11 changed files with 586 additions and 293 deletions.
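--- a/apis/kubedb/v1alpha1/constants.go
+++ b/apis/kubedb/v1alpha1/constants.go
@@ -106,6 +106,14 @@ const (
 RedisNodePort = 6379
 RedisGossipPort = 16379
 
+RedisKeyFileSecretSuffix = "key"
+RedisExternalClientSecretSuffix = "client-cert"
+RedisExporterClientSecretSuffix = "exporter-cert"
+RedisServerSecretSuffix = "server-cert"
+RedisPEMSecretSuffix = "pem"
+RedisClientCertOrganization = DatabaseNamePrefix + ":client"
+RedisCertificateCN = "root"
+
 PgBouncerServingClientSuffix = "serving-client-cert"
 PgBouncerExporterClientCertSuffix = "exporter-cert"
 PgBouncerServingServerSuffix = "serving-server-cert"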
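Review bot: The new Redis TLS constants carry no comments, and for values that name secrets holding key material a reader needs to know which is which; `RedisKeyFileSecretSuffix = "key"` and `RedisPEMSecretSuffix = "pem"` in particular do not say what each secret contains or which component is expected to read it. I would add a one-line comment per constant, for example `// RedisPEMSecretSuffix is the suffix of the secret holding the certificate and private key in PEM form` (wording to be confirmed against the controller, which is not part of this commit). `RedisCertificateCN = "root"` gives every certificate built from it the same common name, so a comment should state that the CN is not meant to tell clients apart, if that is the intent. The const block starts and ends outside the hunk.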
628 changes: 341 additions & 287 deletions apis/kubedb/v1alpha1/generated.pb.go

Large diffs are not rendered by default.

4 changes: 4 additions & 0 deletions apis/kubedb/v1alpha1/generated.proto

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 7 additions & 1 deletion apis/kubedb/v1alpha1/openapi_generated.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

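--- a/apis/kubedb/v1alpha1/redis_helpers.go
+++ b/apis/kubedb/v1alpha1/redis_helpers.go
@@ -35,7 +35,9 @@ import (
 ofst "kmodules.xyz/offshoot-api/api/v1"
 )
 
-const RedisShardAffinityTemplateVar = "SHARD_INDEX"
+const (
+RedisShardAffinityTemplateVar = "SHARD_INDEX"
+)
 
 func (_ Redis) CustomResourceDefinition() *apiextensions.CustomResourceDefinition {
 return crds.MustCustomResourceDefinition(SchemeGroupVersion.WithResource(ResourcePluralRedis))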
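--- a/apis/kubedb/v1alpha1/redis_types.go
+++ b/apis/kubedb/v1alpha1/redis_types.go
@@ -99,6 +99,10 @@ type RedisSpec struct {
 // Template.
 UpdateStrategy apps.StatefulSetUpdateStrategy `json:"updateStrategy,omitempty" protobuf:"bytes,11,opt,name=updateStrategy"`
 
+// TLS contains tls configurations for client and server.
+// +optional
+TLS *TLSConfig `json:"tls,omitempty" protobuf:"bytes,15,opt,name=tls"`
+
 // Indicates that the database is paused and controller will not sync any changes made to this spec.
 // +optional
 Paused bool `json:"paused,omitempty" protobuf:"varint,12,opt,name=paused"`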
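Review bot: The comment on the new `TLS` field does not say what an omitted value means, and because the field is an optional pointer a nil value presumably leaves Redis serving unencrypted connections; that default is the security-relevant part and belongs in the doc comment, e.g. `// TLS contains tls configurations for client and server. If nil, TLS is disabled and connections are unencrypted.` (to be confirmed against the controller, which is not in this commit). The generated CRD description for `tls.certificate` in this same commit still reads "used by PgBouncer pods", so the shared `TLSConfig` comment it is generated from should be made database-neutral now that Redis uses the type. RedisSpec starts and ends outside the hunk.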
5 changes: 5 additions & 0 deletions apis/kubedb/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 4 additions & 4 deletions crds/bindata.go

Large diffs are not rendered by default.

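--- a/crds/kubedb.com_redises.v1.yaml
+++ b/crds/kubedb.com_redises.v1.yaml
@@ -4788,6 +4788,109 @@ spec:
 - WipeOut
 - DoNotTerminate
 type: string
+tls:
+description: TLS contains tls configurations for client and server.
+properties:
+certificate:
+description: 'Certificate provides server certificate options
+used by PgBouncer pods. These options are passed to a cert-manager
+Certificate object. xref: https://github.com/jetstack/cert-manager/blob/v0.16.0/pkg/apis/certmanager/v1beta1/types_certificate.go#L82-L162'
+properties:
+dnsNames:
+description: DNSNames is a list of subject alt names to be
+used on the Certificate.
+items:
+type: string
+type: array
+duration:
+description: Certificate default Duration
+type: string
+emailSANs:
+description: EmailSANs is a list of email subjectAltNames
+to be set on the Certificate.
+items:
+type: string
+type: array
+ipAddresses:
+description: IPAddresses is a list of IP addresses to be used
+on the Certificate
+items:
+type: string
+type: array
+renewBefore:
+description: Certificate renew before expiration duration
+type: string
+subject:
+description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
+properties:
+countries:
+description: Countries to be used on the Certificate.
+items:
+type: string
+type: array
+localities:
+description: Cities to be used on the Certificate.
+items:
+type: string
+type: array
+organizationalUnits:
+description: Organizational Units to be used on the Certificate.
+items:
+type: string
+type: array
+organizations:
+description: Organizations to be used on the Certificate.
+items:
+type: string
+type: array
+postalCodes:
+description: Postal codes to be used on the Certificate.
+items:
+type: string
+type: array
+provinces:
+description: State/Provinces to be used on the Certificate.
+items:
+type: string
+type: array
+serialNumber:
+description: Serial number to be used on the Certificate.
+type: string
+streetAddresses:
+description: Street addresses to be used on the Certificate.
+items:
+type: string
+type: array
+type: object
+uriSANs:
+description: URISANs is a list of URI Subject Alternative
+Names to be set on this Certificate.
+items:
+type: string
+type: array
+type: object
+issuerRef:
+description: IssuerRef is a reference to a Certificate Issuer.
+properties:
+apiGroup:
+description: APIGroup is the group for the resource being
+referenced. If APIGroup is not specified, the specified
+Kind must be in the core API group. For any other third-party
+types, APIGroup is required.
+type: string
+kind:
+description: Kind is the type of resource being referenced
+type: string
+name:
+description: Name is the name of resource being referenced
+type: string
+required:
+- kind
+- name
+type: object
+required:
+- issuerRef
+type: object
 updateStrategy:
 description: updateStrategy indicates the StatefulSetUpdateStrategy
 that will be employed to update Pods in the StatefulSet when a revision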
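--- a/crds/kubedb.com_redises.yaml
+++ b/crds/kubedb.com_redises.yaml
@@ -4720,6 +4720,109 @@ spec:
 - WipeOut
 - DoNotTerminate
 type: string
+tls:
+description: TLS contains tls configurations for client and server.
+properties:
+certificate:
+description: 'Certificate provides server certificate options used
+by PgBouncer pods. These options are passed to a cert-manager
+Certificate object. xref: https://github.com/jetstack/cert-manager/blob/v0.16.0/pkg/apis/certmanager/v1beta1/types_certificate.go#L82-L162'
+properties:
+dnsNames:
+description: DNSNames is a list of subject alt names to be used
+on the Certificate.
+items:
+type: string
+type: array
+duration:
+description: Certificate default Duration
+type: string
+emailSANs:
+description: EmailSANs is a list of email subjectAltNames to
+be set on the Certificate.
+items:
+type: string
+type: array
+ipAddresses:
+description: IPAddresses is a list of IP addresses to be used
+on the Certificate
+items:
+type: string
+type: array
+renewBefore:
+description: Certificate renew before expiration duration
+type: string
+subject:
+description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
+properties:
+countries:
+description: Countries to be used on the Certificate.
+items:
+type: string
+type: array
+localities:
+description: Cities to be used on the Certificate.
+items:
+type: string
+type: array
+organizationalUnits:
+description: Organizational Units to be used on the Certificate.
+items:
+type: string
+type: array
+organizations:
+description: Organizations to be used on the Certificate.
+items:
+type: string
+type: array
+postalCodes:
+description: Postal codes to be used on the Certificate.
+items:
+type: string
+type: array
+provinces:
+description: State/Provinces to be used on the Certificate.
+items:
+type: string
+type: array
+serialNumber:
+description: Serial number to be used on the Certificate.
+type: string
+streetAddresses:
+description: Street addresses to be used on the Certificate.
+items:
+type: string
+type: array
+type: object
+uriSANs:
+description: URISANs is a list of URI Subject Alternative Names
+to be set on this Certificate.
+items:
+type: string
+type: array
+type: object
+issuerRef:
+description: IssuerRef is a reference to a Certificate Issuer.
+properties:
+apiGroup:
+description: APIGroup is the group for the resource being referenced.
+If APIGroup is not specified, the specified Kind must be in
+the core API group. For any other third-party types, APIGroup
+is required.
+type: string
+kind:
+description: Kind is the type of resource being referenced
+type: string
+name:
+description: Name is the name of resource being referenced
+type: string
+required:
+- kind
+- name
+type: object
+required:
+- issuerRef
+type: object
 updateStrategy:
 description: updateStrategy indicates the StatefulSetUpdateStrategy
 that will be employed to update Pods in the StatefulSet when a revision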
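--- a/openapi/swagger.json
+++ b/openapi/swagger.json
@@ -30356,6 +30356,10 @@
 "description": "TerminationPolicy controls the delete operation for database",
 "type": "string"
 },
+"tls": {
+"description": "TLS contains tls configurations for client and server.",
+"$ref": "#/definitions/dev.kubedb.apimachinery.apis.kubedb.v1alpha1.TLSConfig"
+},
 "updateStrategy": {
 "description": "updateStrategy indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.",
 "$ref": "#/definitions/io.k8s.api.apps.v1.StatefulSetUpdateStrategy"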
